fix externalTrafficPolicy: Cluster

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
aenix-io · May 26, 2024 · 750fe3a · 750fe3a
1 parent 3254cc7
commit 750fe3a
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 29 deletions.
diff --git a/packages/system/cilium/Makefile b/packages/system/cilium/Makefile
@@ -9,4 +9,4 @@ update:
 	helm repo update cilium
 	helm pull cilium/cilium --untar --untardir charts --version 1.15
 	sed -i -e '/Used in iptables/d' -e '/SYS_MODULE/d' charts/cilium/values.yaml
-	patch -p3 --no-backup-if-mismatch < patches/fix-cgroups.patch
+	patch -p4 --no-backup-if-mismatch < patches/startup-script.patch
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
@@ -114,15 +114,24 @@ spec:
           exec:
             command:
             - "true"
-        {{- else }}
+        {{- else if eq .Values.cni.chainingMode "generic-veth" }}
         command:
-        # Workaround: https://github.com/cilium/cilium/pull/27561
-        - /bin/sh
-        - -c
+        - /bin/bash
+        - -ec
         - |
-          rm -rf /run/cilium/cgroupv2
-          ln -sf /sys/fs/cgroup /run/cilium/cgroupv2
-          exec cilium-agent --config-dir=/tmp/cilium/config-map
+            # Workaround: https://github.com/kubeovn/kube-ovn/issues/4089
+            DEV=$(ip -j addr | jq --arg ip "$NODE_IP" -r '.[] | select(.addr_info[] | .local == $ip).ifname')
+            echo "using device: $DEV"
+            echo "waiting for ovn0 device"
+            until ip link show ovn0; do
+              sleep 5;
+            done
+            exec cilium-agent --config-dir=/tmp/cilium/config-map
+        {{- else }}
+        command:
+        - cilium-agent
+        args:
+        - --config-dir=/tmp/cilium/config-map
         {{- with .Values.extraArgs }}
         {{- toYaml . | trim | nindent 8 }}
         {{- end }}

diff --git a/packages/system/cilium/patches/fix-cgroups.patch b/packages/system/cilium/patches/fix-cgroups.patch
diff --git a/packages/system/cilium/patches/startup-script.patch b/packages/system/cilium/patches/startup-script.patch
@@ -0,0 +1,24 @@
+diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
+index 2949091..3996e2f 100644
+--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
++++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
+@@ -114,6 +114,19 @@ spec:
+           exec:
+             command:
+             - "true"
++        {{- else if eq .Values.cni.chainingMode "generic-veth" }}
++        command:
++        - /bin/bash
++        - -ec
++        - |
++            # Workaround: https://github.com/kubeovn/kube-ovn/issues/4089
++            DEV=$(ip -j addr | jq --arg ip "$NODE_IP" -r '.[] | select(.addr_info[] | .local == $ip).ifname')
++            echo "using device: $DEV"
++            echo "waiting for ovn0 device"
++            until ip link show ovn0; do
++              sleep 5;
++            done
++            exec cilium-agent --config-dir=/tmp/cilium/config-map
+         {{- else }}
+         command:
+         - cilium-agent
diff --git a/packages/system/cilium/values.yaml b/packages/system/cilium/values.yaml
@@ -1,4 +1,5 @@
 cilium:
+  devices: " ovn0"
   hubble:
     enabled: false
   externalIPs:
@@ -24,4 +25,10 @@ cilium:
     configMap: cni-configuration
   routingMode: native
   enableIPv4Masquerade: false
+  enableIPv6Masquerade: false
   enableIdentityMark: false
+  extraEnv:
+  - name: NODE_IP
+    valueFrom:
+      fieldRef:
+        fieldPath: status.hostIP